Processing – any operation or set of operations which are performed on Personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Brief introduction

At WestStein your personal and financial privacy comes first in everything we do. We believe you deserve and need to know that your data is collected, used and processed fairly, securely and lawfully at all times. To be transparent about how we use your data, we have listed all technologies and third parties used to ensure you the best possible experience with us. In the following Privacy policy, we will inform you about the collection, use and Processing of your data when using our Website, Mobile App or Customer card portal (CCP). You should read this Privacy policy in conjunction with our terms and conditions and other related documents disclosed when you open an account with WestStein. If you have any questions, comments or requests regarding this Privacy policy, please feel free to address them to [email protected] or [email protected].

4. Types of information gathered

4.1. Website

When you visit the Website for informational purposes, we collect data that are provided by your internet browser or the device you are using to view pages on our Website.

The following data are processed (including but not limited to):

Your IP address;

Date and time;

The content of information requested (what page on Website was requested);

Size of information requested and status of the request;

Browser version;

The page you are coming from (if any);

Operating system;

Operating system/browser language;

Your location is detected based on your IP address: your Internet Service Provider (ISP) has provided you with an Internet Protocol (IP) address to access the internet. The information that the ISP provided upon registration is freely available, and an approximate location is detected based on it.

Who are we?

Prepaid Financial Services (PFS) is a fast-growing technology company and e-money payments institution with offices in the UK, Malta and Ireland. PFS is authorized and regulated by the Financial Conduct Authority in the UK, as an electronic money institution, under reference number 900036. We provide own label and white label e-money financial solutions, including e-wallets, prepaid cards, and current accounts. PFS provides complete end to end solutions for clients by designing, developing, implementing, and managing these programmes.

What, Why?

It is important that you know exactly what we do with the personal information you and others make available to us, why we collect it and what it means for you. This document outlines the PFS approach to Data Privacy to fulfill our obligations under the EU General Data Protection Regulation (GDPR) 2018 of 25th May 2018. We also welcome it as an opportunity to reassure you of the importance we place on keeping your personal data secure, and of the strict guidelines we apply to its use.

Providing prepaid card services to you as per our contractual obligations;

Providing e-wallet services to you;

Providing IBAN Account services to you;

Processing your account information;

To comply with our legal obligations for the prevention of fraud, money laundering, counter-terrorist financing or misuse of services;

Verifying your identity;

Contacting you regarding our service to you;

Where requested by law enforcement for investigation of a crime.

Our legal basis for processing the personal data:

Receipt of your consent;

Performance of a contract where you are a party;

Legal obligations that PFS is required to meet;

National law.

Any legitimate interests pursued by us, or third parties we use, are as follows:

The prevention of fraud, money laundering, counter-terrorist financing or misuse of services.

Consent

By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified above. Consent is required for PFS to process personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.

Consent for Children Under 16

If you are giving consent on behalf of a child under 16, please be aware that children need specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned, and also of their rights in relation to the processing of personal data for the purposes of using these services. By consenting to this privacy notice on behalf of a minor you are giving permission for their data to be used for the purposes described above.

Withdrawal of Consent Conditions

You may withdraw consent from direct marketing at any time by contacting our Data Protection Officer. Please note, where you have consented to your data being used for carrying out financial transactions, then the right to withdraw consent does not exist. As a payment service provider, PFS is obliged to retain data concerning financial transactions for 6 years in accordance with national law for the purpose of preventing, detecting and investigating, by the FIU or by other competent authorities, possible money laundering or terrorist financing.

Disclosure

PFS will only pass on your personal data to third parties, including internationally, once we have obtained your consent. Some of our service providers, like payment processors, risk management solutions and suppliers are based outside of the EEA. Where we authorize the processing or transfer of your personal information outside of the EEA, we require your personal information to be protected to data protection standards and we ensure that there are adequate safeguards in place for data protection. The GDPR prohibits transfers of personal data outside the European Economic Area to a third country that does not have adequate data protection. Where transfer occurs outside the EEA the following mechanisms are in place with the third parties:

Data Protection clauses in our contracts and agreements with third-parties;

PFS will process personal data for the duration of the contract for services and will store the personal data for 6 years after that date of termination of the contract.

Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

Right of access – you have the right to request a copy of the information that we hold about you.

Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. Your data relating to financial transactions, accounts or cards cannot be deleted due to national law associated with the prevention of fraud, money laundering, counter-terrorist financing or misuse of services for a crime.

Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing.

Right of portability – you have the right to have the data we hold about you transferred to another organization.

Right to object – you have the right to object to certain types of processing such as direct marketing.

Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.

Right to judicial review – in the event that PFS refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.

All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data. You will find a copy of our Subject Access Request Form on our website.

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by PFS (or third parties as above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and PFS’s Data Protection Officer by email to [email protected]. Data Protection Officer – Prepaid Financial Services, Fifth Floor, Langham House, 302-308 Regent Street, London, W1B 3AT.

If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO) – Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, ICO helpline, Telephone: 0303 123 1113.

Further information can be found in our Cookies Policy on our website.

4.3. Mobile App

When you download our Mobile App, it registers your Google or Apple ID in connection with the downloaded app and the technical parameters of your device. If you rate or comment on our Mobile App, your Google or Apple ID will be published and stored. We reply to your comments if assistance is required, and anonymously store any suggestions present in your comment for future developments. A summary of your device information is used to determine the most widespread devices, and Mobile App testing is later performed on such device types.

5. Technologies used

5.1. Cookies

Cookies are small files that are stored on the device you are browsing the internet from. They locally store information about your previous visit, its length, the amount of data transferred, your IP address, your language preference, the referrer (if you are coming from another site) etc. Web beacons work in a similar way: they are transparent images, usually no larger than 1 by 1 pixel, that, unlike cookies, also provide information about your interaction (for example, in e-mails web beacons provide information about a certain e-mail being opened by the user repeatedly).

We use 2 types of cookies – session and persistent cookies. Session cookies are deleted from your device at the end of every browser session. Persistent cookies (such as your selected Website language) remain on your device until your browser deletes them automatically, or you do that manually. You can view cookie validity time in your browser.

There are several purposes cookies are used for in general:

User authentication – allows us to recognize you and to enable you a safer usage of our Website.

Usage statistics and analysis – provides us with information on Website usage statistics and your overall experience on our Website.

Third-party cookies can be in use on our Website if you visited our Website through any of the offers placed on our cooperation partners' sites.

Providing services – cookies that allow us to provide you with the access for CCP.

You can disable the usage of cookies in your browser manually or delete (clean) them in your browser settings. Please take into consideration that each browser stores cookies and provides a cleanup service in a different manner.

We would like to warn you that deleting cookies or disabling cookie usage can cause functional restrictions on the Website and CCP.

5.2. Google reCaptcha

A plugin that enables us to detect mouse movements and checks whether the behavior is “human-like”. We are not aware of the data that are transferred in encrypted form to Google. We think that it could contain your shortened IP address, screen resolution and mouse movement coordinates.

Google reCaptcha used in:

Applying for an account and card.

Activating your account and card.

Managed by: Google.

6. Weststein profiles

Weststein holds several profiles in social networks that are used to distribute information and promote products.

6.1. Facebook

Weststein has a profile on Facebook that is used to publish news, blog articles, special offers and information about working hours. We do not see the publicly available data you have shared with Facebook, apart from cases when you chat with us, follow our profile or leave a comment. In such cases, the information you share publicly is visible together with the Name and Last Name information of your profile. All other information is presented in summary form, segmented by age, sex, location. If you do not want these data to be presented, please update your profile settings. If you do not want Facebook to associate your visit on our Website or Facebook profile with your data, please log out from Facebook before visiting our Website.

Facebook is used for:

Advertising – offering our products to Facebook users.

Publishing valuable information.

Publishing polls.

Your data is used for:

Retargeting advertisements – in case you visited our Website but did not order a card, the advertisement will reappear.

Lookalike campaigns – showing advertisements to people with similar interests and overall profile information to our Website visitors, which Facebook collects if you were logged in to Facebook during your visit on our Website.

Greet you and respond to you, if you sent a message to our Facebook profile.

6.2. Twitter

Weststein has a profile on Twitter that is used to publish news, blog articles, special offers, information and working hours. We do not see individual users apart from followers, retweets and information that is available to all authenticated users of Twitter, also in the form of your Twitter name and information that is provided to Twitter. All other information is presented in summary form, segmented by age, sex, location. If you do not want these data to be presented, please update your profile settings.

If you do not want Twitter to associate your visit on our Website or Twitter profile with your data, please log out from Twitter before visiting our Website.

Twitter is used for:

Publishing information.

Advertising – offering our products to Twitter users.

Your data is used for:

Retargeting advertisements – in case you visited our Website but did not order a card, the advertisement will reappear.

Lookalike campaigns – showing advertisements to people with similar interests and overall profile information to our Website visitors, which Twitter collects if you were logged in to Twitter during your visit on our Website.

Greet you and respond to you, if you sent a message to our Twitter profile.

6.3. YouTube

Weststein has a profile on YouTube that is used to promote our products, inform customers and educate them about our product and services. If you log into YouTube, or do so via Google, and leave comments, follow or vote for videos on our channel, the public information that you have shared with YouTube can be seen by other users and the Company. All other information is presented in summary form, segmented by age, sex, location. If you do not want these data to be presented, please update your profile settings.

If you do not want YouTube to associate your visit on our Website or YouTube profile with your data, please log out from YouTube before visiting our Website.

YouTube is used for:

Publishing informational and educational videos.

Advertising – offering our products to YouTube users.

Your data is used to:

Greet you and respond to you, if you sent a message to our YouTube profile.

Retargeting advertisements – in case you visited our Website but did not order a card, the advertisement will reappear.

6.4. LinkedIn

Weststein has a profile on LinkedIn that is used to promote vacancies, share news and updates about our working hours. When you comment on any of our publications or campaigns, the public information that you have shared with LinkedIn can be seen by other users and the Company. All other information is presented in summary form, segmented by age, sex, location. If you do not want these data to be presented, please update your profile settings.

When you apply for a vacancy on LinkedIn, the Company receives your LinkedIn profile information, which is shown in the e-mail together with the additional information that you provided through LinkedIn, such as a cover letter or an attached CV.

LinkedIn is used for:

Publishing information.

Publishing vacancies.

Advertising – offering our products to LinkedIn users.

Your data is used to:

Greet you and respond to you, if you sent a message to our LinkedIn profile.

6.5. Google +

Weststein has a Google + account that is used to promote our products, blog articles and updates about our working hours. If you are using the Google Chrome browser and you are logged in, Google will store information about your visit, according to your account settings. You can see your history at https://myaccount.google.com/privacy#activity under “My activity”. All other information is presented in summary form, segmented by age, sex, location. If you do not want these data to be presented, please update your profile settings.

6.6. Google My Business

Weststein has a profile on Google My Business that is used to administer information that is available in Google Search Engine and Google Maps. We see the number of people who requested directions to our office, left a review or called us from our Google My Business profile. In the case of a review, after publishing it is visible together with the information of your Google profile.

6.7. Draugiem.lv

Weststein has a profile on Draugiem.lv that is used to promote our Website and products for an audience mainly from Latvia. When you suggest a post or comment on our post in Draugiem.lv, other users will be able to see your basic information – your name, last name, photo, age and other information you have added to your public profile. When publishing a new advertisement campaign, we can set a target audience that is filtered by Draugiem.lv algorithms based on your age, sex, location and other parameters that are associated with your user profile. It means we can show you an advertisement, but we are not able to see your or any other user's information in our campaign. If you do not want these data to be presented, please update your profile settings.

Draugiem.lv is used for:

Advertising – offering our products to users.

Publishing information.

Retargeting advertisements – in case you visited our Website but did not order a card, the advertisement will reappear.

7. Tracking functionalities

7.1. Google analytics

Weststein has a Google analytics account and tracking code that is used to improve our Website and analyze its performance. Google uses cookies to provide and enable analysis of your experience on our Website and CCP.

The information retrieved by Google is your device data, IP address (stored in a shortened form), and your device information, including but not limited to Operating System, browser, screen resolution, user language, country (based on IP address), visit timeframe, path on our Website and, if redirected from other sites, the source of this redirection.

7.2. Hotjar

Weststein has a Hotjar account and tracking code that helps us better understand your experience (e.g. how much time you spend on which Website pages, which links you choose to click, what you do etc.). As a result, we are able to optimize our Website to make it as relevant and adjusted to your needs as possible, thereby ensuring you greater value than before. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular the device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display the Website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user.

7.3. HubSpot

Weststein has a HubSpot account that is used to record information you input in forms, apart from forms of CCP. We do this to see the completion of forms; also, in case we see that you have difficulties with some of them, we might contact you (based on the contact details entered) to help you complete the process you have started.

7.4. Sumo

Weststein has a Sumo account that is used to set advertisements via pop-ups on the Website, to drive sign-ups to our newsletters, as well as to offer and inform customers about important product updates. Each newsletter subscriber is afterward registered with the MailChimp mailing list. Information shared with Sumo contains only your e-mail address and name.

Sumo is used to:

Enable sign-ups for our newsletters.

Place relevant pop-ups on our Website in order to:

Notify users about important product updates,

Notify users about changes in product fees,

Offer users to sign up for our newsletter.

Your data is used to:

Later send you personalized and relevant e-mails after you subscribed to our newsletter.

8. Other advertisements

8.1. Google AdWords

Weststein has a Google Adwords account that is used to place advertisements on Google search results and in Google advertisement placements located on various websites around the internet. We also use Google Adwords to show relevant text and banner advertisements to you, if you have visited our Website before. It means we can show you an advertisement, but we are not able to see your or any other user's information. The results of Google Adwords advertisements are shown in Google Analytics in the form of statistics.

Google Adwords is used to:

Advertise products on Google search pages

Advertise products on partner pages

Your data is used for:

Retargeting advertisements – to show you the most relevant information, based on your customer status with Weststein.

9. SMS

9.1. Sales.lv

Weststein uses the Sales.lv service, which provides SMS message delivery, to inform you about, for example, an incoming transaction on your WestStein card account. Data that are sent: the message content might contain your Name and phone number so that you know you have received relevant information.

Sales.lv is used to:

Send SMS messages to customers worldwide.

Your data is used to:

Send you information about your Weststein account.

Managed by: Sales.lv, Antonijas iela 22 – 3, Rīga, Latvia

10. Chat

10.1. Jivochat

Weststein uses the Jivochat service, which provides chat functionality on our Website. We use Jivochat to be able to provide you with immediate help when you are in need. The information that is presented to our employees is the page you started the chat from and the time you are viewing our Website. Also, if you provide details of your name, phone number, and e-mail address, that information is visible to the Employee you are chatting with.

Jivochat is used to:

Provide chat functionality on the Website.

Allow customers to create and send an e-mail message to [email protected] after working hours.

Your data is used to:

Answer your messages via e-mail, if you started a chat on our Website outside of our working hours.

11. Phone calls

11.1. LMT

Weststein uses the LMT service, which provides us with phone numbers that are in use by our employees and departments (Customer support, for example) to contact customers. We use a provided solution, “Zvanu pavēlnieks”, that provides us with statistical data on phone calls received/made and allows us to route incoming calls according to the selections each user has made on his phone. In reports, we see the phone numbers of the caller and the receiver, used to detect how many unique phone calls have been received within a certain period (in generalized form). Also, LMT allows us to prepare statistics of average call duration, the name of the Employee who answered a call, etc. In case you leave a message in the mailbox, we see the phone number from which you recorded the audio message.

11.2. Dzinga.com

Weststein uses the Dzinga.com service, which provides us with phone numbers in separate countries and with phone number routing. For example, if you are calling us from Germany, your call is then forwarded to our customer service phone line.

Dzinga.com is used to:

Forward phone calls to Customer support that are received by phone numbers registered in several EU countries.

12. Emails

We are using several providers that enable us to connect with you via e-mail.

12.1. Gmail

Weststein uses Google email service provided by Google cloud services that is used to communicate with customers, potential partners and Company staff. We use group e-mails, such as [email protected] or [email protected] and also personalized e-mails with employee name and surname. Information shared in group e-mails is accessible only to employees who are responsible for managing group e-mails as a part of their daily duties. Personalized e-mails are accessible only to the assigned employee.

12.2. Mandrill

Weststein uses the Mandrill service to guide you through the card activation and verification process, which also includes error messages, confirmation e-mails and other information you need to successfully complete the verification process. Information sent to Mandrill consists of your preferred communication language, name and e-mail address. In case you do not want to receive such e-mails in the future, please use the unsubscribe link that is provided at the bottom of each e-mail. By clicking on it, you will remove your e-mail address from the mailing list, and any further e-mails will not be delivered. Together with the e-mail, Web Beacons (also called tracking pixels) are sent, which enable us to see (in a summarized view) how many e-mails were opened, read, deleted etc. There is no Personal data transfer in this operation.

Mandrill is used to:

Send e-mails on card activation,

Send e-mails on customer verification,

Including verification troubleshooting e-mails.

Your data is used to:

Send you only relevant information based on your customer status at PFS.

12.3. MailChimp

Weststein uses the Mailchimp service to send you e-mails concerning subscriptions on our web page, as well as to inform you about changes in our Terms and Conditions, Privacy policy, updates in product pricing and working hours, and to send you our monthly newsletter and special deals if any are available. Information shared with MailChimp consists of your preferred communication language, e-mail address and name. If you do not want to receive such e-mails in the future, please use the Unsubscribe link that is located at the bottom of every e-mail we send you. Important – please be warned that unsubscribing from Mailchimp messages removes you from all our mailing lists. It means you will also not receive e-mails if you forget your password and need to renew it through your e-mail. Please think twice before unsubscribing if you are an active Weststein card user.

MailChimp is used to:

Send information to all Weststein customers.

Distribute monthly newsletter with important product updates and news.

Your data is used to:

Send you only relevant information based on your customer status at PFS.

13. Affiliate programmes

13.1. Post Affiliate PRO

Weststein uses the Post Affiliate PRO service, which enables you to register as a Company Affiliate from our Website. Information that was entered on the Website is sent to Post Affiliate PRO. Afterwards, the responsible Employee checks the Affiliate application and approves or declines it.

If you are approved as an Affiliate, you receive login credentials for Post Affiliate PRO and afterward can use a unique Affiliate link to drive traffic to our Website. Inside the Post Affiliate PRO platform you can track clicks and card applications. The Affiliate earns a commission for a successful card application.

13.2. Do Affiliate

Weststein uses the Do Affiliate service, which enables Affiliates to register as a Company Affiliate. Whenever someone orders a WestStein card after visiting our Website through an Affiliate's unique link, the Affiliate will earn a commission that they can later withdraw from the Do Affiliate program software. We do not share data with Do Affiliate in any way. Also, we do not see any data from the Do Affiliate database.

14. Personal data subject access requests

At any point, while we are in possession of or Processing your personal data, you, the data subject, have the right to request a copy of the information that we hold about you. To provide you with this information securely, we will require additional information to verify your identity.

To verify you as an identifiable user of Payment Services in Prepaid Financial Services Limited (PFS), these requests will be forwarded to PFS. You may revoke your consent to Personal data use; revocation may mean that Payment Services are no longer unrestrictedly available. See point #11, Right to Cancel (“Cooling-Off”), in Terms and conditions.